Re: How secure is your e-mail password?



On Sep 20, 10:06 am, "James H. Markowitz" <no...@xxxxxxxxxxx> wrote:
On Mon, 20 Sep 2010 14:42:13 +0200, Anonymous Remailer (austria) wrote:
http://news.cnet.com/8301-27080_3-20016442-245.html?tag=topImage3

I don't understand why most POP email is still authenticated using
cleartext passwords instead of digest (hash) based authentication (which
doesn't send the password itself but a hash of the password). Anyone can
steal your e-mail password by simply monitoring on a public network.

        That's also true if you send a hash of the password, rather than
the password itself, in the clear. It makes no difference to the attacker
what the original password may have been.
Correct, since the password space is searchable by brute force (even
with the use of salts and nones). See, for example, "Strong Password-
Only Authenticated Key Exchange" by David P. Jablon, Section 1.1, The
Remote Password Problem.
.



Relevant Pages